This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
NeilDavey
Collaborator
‎2020-01-21 12:44 AM
Jump to solution

Application Anonymizer Exception

I have combined my Firewall and Applications and URL Filtering Policy now into a single layer and have a question about if I can add an exception to an Anonymizer category/OpenVPN?

I have created default recommended categories to block near the top of my rule base as attached.

I have a rule a few lines further down that requires OpenVPN which at the moment is being blocked due to the rules at the higher level.

I don't really want to move my rules above my recommended block rules, so was seeing if you are able to add an exception for the OpenVPN application to be allowed for a specific source and destination if possible?

This means I can leave all my rules in place and the exception would only allow this specific traffic from working.

Thanks

Application Control Filtering Rules.png
Preview file
32 KB
OpenVPN Rule.png
Preview file
9 KB
0 Kudos
1 Solution

Accepted Solutions
mdjmcnally
Advisor
‎2020-01-21 01:53 AM
Jump to solution

Category Override only works for URL, so I don't see a way to not have OpenVPN dropped at the Block Anonymiser Rule.

 

When you block categories then rules that allows Apps/URLs that would be blocked need to be placed above where they are blocked.

Don't see a way around that, when customers want to generally block file sharing and storage then rules where they want OneDrive or DropBox get placed above that block rule for the category.

Don't really see the issue with the structure, otherwise would be creating lots of exceptions constantly to allow specific apps within a category that don't want general access too.

View solution in original post

0 Kudos
1 Reply
mdjmcnally
Advisor
‎2020-01-21 01:53 AM
Jump to solution

Category Override only works for URL, so I don't see a way to not have OpenVPN dropped at the Block Anonymiser Rule.

 

When you block categories then rules that allows Apps/URLs that would be blocked need to be placed above where they are blocked.

Don't see a way around that, when customers want to generally block file sharing and storage then rules where they want OneDrive or DropBox get placed above that block rule for the category.

Don't really see the issue with the structure, otherwise would be creating lots of exceptions constantly to allow specific apps within a category that don't want general access too.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top